Security: Digital Oil Field or Digital Nightmare?
- Herb Yuan (Dexa Systems) | Mehrzad Mahdavi (Dexa Systems) | Donald Paul (University of Southern California)
- Document ID
- Society of Petroleum Engineers
- Journal of Petroleum Technology
- Publication Date
- August 2011
- Document Type
- Journal Paper
- 16 - 18
- 2011. Copyright is retained by the author. This document is distributed by SPE with the permission of the author. Contact the author for permission to use material from this document.
- 1 in the last 30 days
- 176 since 2007
- Show more detail
- View rights & permissions
|SPE Member Price:||Free|
|SPE Non-Member Price:||USD 2.00|
In recent months, news articles or web postings about new security vulnerabilities resulting in a loss of critical information and damage to reputation have become common. It begs the question: Is the digital revolution a blessing or a curse?
The latest and most pervasive type of security threat, referred to as advanced persistent threat (APT) involves deliberate, sophisticated cyber attacks with an explicit intent to usurp confidential information. These attacks are common in the oil and gas industry and are particularly alarming because of their focus on key organizational players. While APT can take different forms, pieces of code are sometimes placed onto the network of a target organization through clandestine methods, such as phishing. In such a case, once an organization is infected by this code, it is subject to remote control, locating and exporting confidential corporate data and email. The code then hibernates, awaiting further instruction. Meanwhile, the company often remains unaware that it has been compromised for a long period of time. Because APT is difficult to detect, it is easy to have a false sense of security while attackers continue to access critical infrastructure.
As this issue becomes more commonplace, the government is taking notice and action. To help mitigate the risks of APT, the Obama administration recently unveiled its recommendations for comprehensive cyber security legislation that involves seven proposals. If these proposals are enacted, the administration will have a significant say in the cyber security practices of major industries. The content of these proposals has a new framework with far-reaching cyber security obligations for companies, including oil and gas companies that own and operate critical infrastructure. It also covers the establishment of standards regarding notification to consumers of data breaches.
More Efficient, More Exposed
Oil and gas companies continue to leverage the benefits of the digital oil field, particularly by applying digital technologies to well operations and hydrocarbon production. This technology drive has been intense over the past decade because of the resulting business benefits, which include decreased downtime, significant productivity gains, improved well performance, and production monitoring. Moreover, digital capabilities enable companies to better use and apply their scarce expertise to wherever it is needed around the world in real time.
In the case of geophysical processing, reservoir modeling, and prediction, the central processing unit performance envelope was pushed by the growing need to process more data; deliver larger, more detailed geological and reservoir models; and better describe complex physics—all with increased accuracy and speed.
It is now common to find well operations and production monitoring control rooms in most oil and gas companies. What makes the situation unique, however, is the marriage of physical elements with the digital control framework, thus creating a security challenge. Cyber physical security is the new watchword for upstream companies.
|File Size||85 KB||Number of Pages||2|